CVE-2025-8034: 
NixOS vulnerability analysis and mitigation

CVE-2025-8034 is a memory safety vulnerability discovered in Mozilla Firefox and Thunderbird products, disclosed on July 22, 2025. The vulnerability affects multiple versions including Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. This security issue was identified by the Mozilla Fuzzing Team (Mozilla Advisory).

The vulnerability is classified as a memory corruption issue (CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer). It received a CVSS v3.1 base score of 8.8 (HIGH) with vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The bugs showed evidence of memory corruption that could potentially be exploited to run arbitrary code with enough effort (NVD).

The vulnerability could potentially allow attackers to execute arbitrary code on affected systems through memory corruption exploitation. This poses significant risks to confidentiality, integrity, and availability of the affected systems, as indicated by the high CVSS score (CISA-ADP).

Mozilla has released fixes in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird ESR 128.13, and Thunderbird ESR 140.1. Users are advised to update to these versions to mitigate the vulnerability (Mozilla Advisory).